Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-1018

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Related bugs and status

CVE-2023-1018 (Candidate) is related to these bugs:

Bug #2009608: Check size of TPM2B_NAME buffer before reading

		In	Importance	Status
2009608	Check size of TPM2B_NAME buffer before reading	libtpms (Ubuntu)	Undecided	Fix Released
2009608	Check size of TPM2B_NAME buffer before reading	libtpms (Ubuntu Jammy)	Undecided	Fix Released
2009608	Check size of TPM2B_NAME buffer before reading	libtpms (Ubuntu Lunar)	Undecided	Fix Released
2009608	Check size of TPM2B_NAME buffer before reading	libtpms (Ubuntu Kinetic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://kb.cert.org/vu...
MISC: https://trustedcomputi...
MISC: https://trustedcomputi...